> Linksys WAP55AG does not properly secure SNMP community strings. In particular, it is possible to obtain all community strings, including read/write, by querying OID 1.3.6.1.4.1.3955.2.1.13.1.2.
>
> 1.3.6.1.4.1.3955.2.1.13.1.2.1 = STRING: "public"
> 1.3.6.1.4.1.3955.2.1.13.1.2.2 = STRING: "private"
>
> Verified on WAP55AG, firmware 1.07
But ... Can you obtain this information without a valid community string?
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij (at) vanderkooij (dot) org [email concealed] http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
> Linksys WAP55AG does not properly secure SNMP community strings. In particular, it is possible to obtain all community strings, including read/write, by querying OID 1.3.6.1.4.1.3955.2.1.13.1.2.
>
> 1.3.6.1.4.1.3955.2.1.13.1.2.1 = STRING: "public"
> 1.3.6.1.4.1.3955.2.1.13.1.2.2 = STRING: "private"
>
> Verified on WAP55AG, firmware 1.07
But ... Can you obtain this information without a valid community string?
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij (at) vanderkooij (dot) org [email concealed] http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
[ reply ]